Yesterday saw the release of the January 2019 update to .NET Core..NET Core 2.1.7 and .NET Core SDK 2.1.503 ( Download | Release Notes ).NET Core 2.2.1 and .NET Core SDK 2.2.102 ( Download | Release Notes )These updates contain security and reliability fixes.Security Fixes.NET Core Information Disclosure Vulnerability – CVE-2019-0545Microsoft is aware of an information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application.ASP.NET Core Denial Of Service Vulnerability – CVE-2019-0564, CVE-2019-0548Microsoft is aware of a security vulnerability in all public versions of ASP.NET Core where, if an application is hosted on Internet Information Server (IIS) a remote unauthenticated attacker can use a specially crafted request can cause a Denial of Service..NET Core Tampering Vulnerability – CVE-2018-8416A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.Where to Get the UpdateThis update is included in the Visual Studio 15.9.5 update, which was also released yesterday. The latest .NET Core updates are available on the .NET Core download page.Windows ARM supportIncluded in this update is the first availability of the .NET Core for Windows Server, version 1809 ARM32. The SDK zip is expected to be live today.

While working on one of my projects I manually moved some files around and made some changes to the file structure. After doing this I and adding a new project I wanted to commit these new files and structure to Git, I then received this message:“Git failed with a fatal error.error: open(".vs/XXXXXX/v15/Server/sqlite3/db.lock"): Permission denied fatal: Unable to process path .vs/XXXXXX/v15/Server/sqlite3/db.lock”On the first time receiving this error I simply went to my .vs/XXXXXX/v15/Server/sqlite3 folder and deleted the db.lock file and committed my files to Git and it worked.I continued with writing more code for this new project and then proceeded to commit these new code changes and I ended up with the same error message again. This was going to be an annoyance during development so I needed to find a solution.The solution was that while I had moved files around I had removed my .gitignore file. This file tells Git what files to ignore when performing a commit to the server.There are a couple of ways of replacing this file in your project. One way is to download a template for Visual Studio from GitHub’s collection of .gitignore templates @ https://github.com/github/gitignore/blob/master/VisualStudio.gitignoreAnother way is to add it through your Team Explorer window in Visual Studio 1. On the Team Explorer’s window, go to Settings2. Then click on Repository Settings3. Finally, click the Add in the Ignore File section Now you are done.This default file includes the .vs folder and will solve the issue of the locking of the files.

With the pending release of Visual Studio 2017 on March 7, 2017, and the changing format going forward of removing the project.json file to return to the .csproj MsBuild format. Microsoft has conveniently set up a service to help with migrating your projects to the new format. If you got to http://landinghub.visualstudio.com/migrate-dotnetcore, the .NET Core Engineering team have established a way to ask for help. There are also some links to known migration issues that can be found there as well as a form to fill out requesting help.